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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including tine 
fee set forth in 37 CFR 1 .17(e), was filed in this application after final rejection. 
Since this application is eligible for continued examination under 37 CFR 1.114, 
and the fee set forth in 37 CFR 1 .17(e) has been timely paid, the finality of the 
previous Office action has been withdrawn pursuant to 37 CFR 1 .1 14. 
Applicant's submission filed on 5/12/2008 has been entered. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1 , 3-7 and 9-31 have been 
considered but are moot in view of the new ground(s) of rejection. 

Response to Amendment 

3. The Examiner has stated the below column and line numbers as 
examples. All columns and line numbers in the reference and the figures are 
relevant material and Applicant should be taken the entire reference into 
consideration upon the reply to this Office Action. 

4. Claims 1, 7, 9, 12, 16, 27, 29 and 31 have been amended. 
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5. 


Claims 2 and 8 liave been cancelled. 


6. 


Claims 32 and 33 have been added. 


7. 


Claims 1, 3-7 and 9-33 are pending. 


Information Disclosure Statement 


8. No Information Disclosure Statements have been submitted with the 
application. 


9. The drawings are objected to under 37 CFR 1 .83(a). The drawings must 
show every feature of the invention specified in the claims. Therefore, the 
access server must be shown or the feature(s) canceled from the claim(s). No 
new matter should be entered. 

Corrected drawing sheets in compliance with 37 CFR 1 .121(d) are 
required in reply to the Office action to avoid abandonment of the application. 
Any amended replacement drawing sheet should include all of the figures 
appearing on the immediate prior version of the sheet, even if only one figure is 
being amended. The figure or figure number of an amended drawing should not 
be labeled as "amended." If a drawing figure is to be canceled, the appropriate 
figure must be removed from the replacement sheet, and where necessary, the 
remaining figures must be renumbered and appropriate changes made to the 


Drawings 
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brief description of the several views of the drawings for consistency. Additional 
repiacement sheets may be necessary to show the renumbering of the remaining 
figures. Each drawing sheet submitted after the filing date of an application must 
be labeled in the top margin as either "Replacement Sheet" or "New Sheet" 
pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, 
the applicant will be notified and informed of any required corrective action in the 
next Office action. The objection to the drawings will not be held in abeyance. 

Claim Objections 

1 0. In light of Applicant's amendments, the previous objections to claims 9, 27 
and 29 have been withdrawn. 

Claim Rejections - 35 USC § 102 

1 1 . The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 
Office action: 

A person shall be entitled to a patent unless - 

(a) the Invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the Invention thereof by the applicant for a patent. 

1 2. Claims 1 , 3, 5-7, 1 1 -1 3, 1 5-1 8, 26-29 and 31 -33 are rejected under 35 
U.S.C. 102(a) as being anticipated by US Patent Application Publication No. 
2003/0140151 to Daenen et al. (hereinafter Daenen). 
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As to claims 1 and 33, Daenen teaches: 

a. Receiving autlientication messages sent tlirougli an access server 
from a user to an autlientication server (user logs in through the access 
server to the connection policy server to the authentication server) 
(Daenen, [0040-0041]). 

b. Determining from said authentication messages user identifiers and 
service attributes associated with said user (message information is used 
to build a profile for the user that specifies the rules governing network 
access of the user) (Daenen, [0043-0045]). 

c. Creating a user service policy entry in a user policy table, in a 
network device separate form the access server and the authentication 
server (the Connection Policy RADIUS Server (CPRS) is separate and 
independent of the access server and authentication server) (Daenen, 
[0032 and 0051]) for said identified user contained said service attributes 
(message information is used to build a profile for the user that specifies 
the rules governing network access of the user) (Daenen, [0043-0045]). 

d. Consulting said user policy table to determine how to manage said 
user traffic subsequent to said user authentication messages (policy 
server keeps user profile which is used to determine the execution of rules 
governing user access) (Daenen, [0015 and 0044]). 

e. Managing subsequent user traffic based on said consulting step 
(policy server keeps user profile which is used to determine the execution 
of rules governing user access) (Daenen, [0015]). 
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As to claim 3, Daenen teaclnes said user policy table is located within said 
service policy director (storage module stores profile of user and is part of GPRS) 
(Daenen, [0047-0049]). 

As to claims 5, 9 and 13, Daenen teaches said authentication messages 
are using the RADIUS protocol (RADIUS) (Daenen, [0038]). 

As to claims 6, 1 1 and 15, Daenen teaches proxy mode, wherein the 
authentication messages in a provider network pass through the service policy 
director, said network device modifies IP addresses of said authentication 
messages without any modification to the data of said authentication messages 
(GPRS can act as a proxy to the other servers) (Daenen, [0051]). 

As to claim 7, Daenen teaches: 

a. Determining by the service policy director a user policy table based 
on an at least an initial authentication message sent from a user to an 
authentication server (log in information is used to build a profile for the 
user that specifies the rules governing network access of the user) 

(Daenen, [0043-0045]). 

b. Identifying a user originating said network user traffic (GPRS 
constructs a profile of the user during authentication process) (Daenen, 
[0041 and 0043-0044]). 
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c. Consulting the user policy table to locate a user service policy 
corresponding to said user (policy server keeps user profile which is used 
to determine the execution of rules governing user access) (Daenen, 
[0015 and 0044]). 

d. Managing said network user traffic based on said consulting step 
by forwarding network user traffic to a requested server (authentication 
request is forwarded to the proper server) (Daenen, [0041]). 

As to claim 12, Daenen teaches: 

a. Receiving authentication messages for a user from an access 
server at said service policy director (user logs in through the access 
server to the connection policy server to the authentication server) 
(Daenen, [0040-0041]). 

b. Determining user identifies and service attributes associated with 
said user from at least a first authentication message from an 
authentication server (message information is used to build a profile for 
the user that specifies the rules governing network access of the user) 
(Daenen, [0043-0045]). 

c. Creating a user service policy entry in a user policy table for said 
identified user based on said service attributes (message information is 
used to build a profile for the user that specifies the rules governing 
network access of the user) (Daenen, [0043-0045]). 
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d. Consulting said user policy table to determine how to manage said 
user traffic subsequent to said user authentication messages (policy 
server keeps user profile which is used to determine the execution of rules 
governing user access) (Daenen, [0015 and 0044]). 

e. Managing subsequent user traffic based on said consulting step 
(policy server keeps user profile which is used to determine the execution 
of rules governing user access) (Daenen, [0015]). 

As to claim 16, Daenen teaches: 

a. A user request-issuing device (client computer) (Daenen, [0037] 

and fig. 1 , ref. 17). 

b. An access server forwarding authentication messages and user 
traffic from and to the user request-issuing device (access server) 
(Daenen, [0037] and fig. 1, ref. 12). 

c. A service provider network over which user authentication 
messages and user traffic originated by said user request-issuing device 
is transmitted (network) (Daenen, [0037]). 

d. An authentication server to which said user request-issuing device 
attempts to connect and by which said user request-issuing device is 
authenticated and registered (AAA) (Daenen, [0037] and fig. 1, ref. 15). 

e. A network device independent of said authentication server 
including a service policy director enforcing a service policy for said user 
request-issuing device, said network device receiving the authentication 
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messages and creating the service policy therefrom (the Connection 
Policy RADIUS Server (CPRS) is separate and independent of the access 
server and authentication server) (Daenen, [0032 and 0051]). 

As to claim 17, Daenen teaches said service policy director includes a 
user policy table (storage module stores profile of user and is part of CPRS) 
(Daenen, [0047-0049]). 

As to claim 18, Daenen teaches said policy table includes user identifier 
information and service attribute information (storage module stores profile of 
user which includes user specific information and policy rules that apply to the 
specific user) (Daenen, [0047-0050]). 

As to claim 26, Daenen teaches said network device including said service 
policy director functioning in a transparent mode, wherein the authentication 
messages in a provider network pass through the network device without any 
modification to the IP addresses and data of said authentication messages (the 
CPRS is transparent to the BAS and AAA) (Daenen, [0041]). 

As to claim 27, Daenen teaches said service policy director functioning in 
said transparent mode receives said user authentication request messages 
addressed to said authentication server and forwards said user authentication 
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request messages to said authentication server (the GPRS is transparent to the 
BAS and AAA) (Daenen, [0041]). 

As to claim 28, Daenen teaches said network device Including said 
networl< device including said service policy director functioning in a proxy mode, 
wherein the authentication messages in a provider network pass through the 
network device, said network device modifies IP addresses of said authentication 
messages without any modification to the data of said authentication messages 
(server acts as a proxy to other information servers) (Daenen, [0051]). 

As to claim 29, Daenen teaches said service policy director functioning In 
said proxy mode receives said user authentication messages addressed to said 
service policy director and forwards it to said authentication server (server acts 
as a proxy to other information servers) (Daenen, [0041 and 0051]). 

As to claim 31 , Daenen teaches a user request-Issuing device (pc, ref. 1 7) 
operatlvely connected to an access server (BAS, ref. 12), said access server 
being operatlvely connected to a service policy director (GPRS, ref. 13), said 
service policy director connected to an authentication server (AAAO and/or AAA1 , 
ref 15), and said authentication server being operatlvely connected to said user 
request-Issuing device via the access server (Daenen, fig. 1 and associated text), 
wherein said service policy director receives a user authentication request 
message addressed to said authentication server, forwards said user 
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authentication request messages to said authentication server (user logs in and 
authentication message is transferred from the access server to the CPRS to the 
AAA) (Daenen, [0038-0041]), wherein said service policy director, which is 
separate from said access server and said authentication server (the Connection 
Policy RADIUS Server (CPRS) is separate and independent of the access server 
and authentication server) (Daenen, [0032 and 0051]), creates a service policy 
from the received authentication request message (message information is used 
to build a profile for the user that specifies the rules governing network access of 
the user) (Daenen, [0043-0045]). 

As to claim 32, Daenen teaches said service policy director functions in a 
transparent mode, wherein the authentication messages in a provider network 
pass through the service policy director without any modification to the IP 
address and data of said authentication messages (the CPRS is transparent to 
the BAS and AAA) (Daenen, [0041]). 

Claim Rejections - 35 USC § 103 

1 3. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the phor art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 
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14. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 
148 USPQ 459 (1966), that are applied for establishing a background for 
determining obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at 
Issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

15. Claims 4, 10, 14 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US Patent Application Publication No. 2003/0140151 to 
Daenen et al. (hereinafter Daenen) as applied to claims 1, 7 and 12 respectively 
above, and further in view of US Patent No. 7,073,055 to Freed et al. (hereinafter 
Freed). 

As to claims 4, 10 and 14, Daenen does not expressly mention what the 
rules governing access comprise. However, in an analogous art, Freed teaches 
said service policy director offers internal network services comprising at least 
one of bandwidth management (user profile attributes include access-rate 
settings) (Freed, column 14, lines 21-23). 

Therefore, one of ordinary skill in the art at the time the invention was 
make would have been motivated to implement the access control of Daenen 
with the access-rate settings of Freed in order to ensure that the user is given the 
correct configuration rules for accessing the network resources as suggested by 
Freed (Freed, col. 14, lines 23-30). 
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1 6. Claims 1 9-25 and 30 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over US Patent Application Publication No. 2003/0140151 to 
Daenen et al. (hereinafter Daenen) as applied to claim 16 above, and further in 
view of US Patent No. 7,073,055 to Freed et al. (hereinafter Freed). 

As to claim 19, Daenen does not expressly mention storing the IP address 
in the user profile. However, in an analogous art. Freed teaches said user 
identifier information includes at least an Internet/intranet address (IP address is 
part of user profile) (Freed, column 13, line 60-column 14, line 7). 

Therefore, one of ordinary skill in the art at the time the invention was 
made would have been motivated to implement the access control of Daenen 
with the inclusion of the IP address of the user in user profile of Freed in order to 
ensure service delivery to the user as suggest by Freed (Freed, column 13, lines 
60-65). 

As to claim 20, Daenen as modified teaches said user identifier 
information a username (user profile contains user identity which can include a 
username) (Freed, column 13, lines 18-47). 

As to claim 21, Daenen as modified teaches said attribute information 
includes any one or more of the following: access privileges parameters, traffic 
logging mechanisms and user activity statistics entitlement parameters, security 
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services entitlement parameters, or service quality level parameters (service 
parameters are specified in the user profile) (Freed, column 18, lines 10-42). 

As to claim 22, Daenen as modified teaches said service quality level 
parameters include any one or more of the following: a bandwidth limit, a 
bandwidth guarantee, or a bandwidth priority (maximum bandwidth is defined) 
(Freed, column 19, lines 1-3). 

As to claim 23, Daenen as modified teaches said service attributes define 
services offered by said service policy director, said services including any one or 
more of the following: classification of network user traffic, modification of 
network user traffic, forwarding of network user traffic, or logging of single 
network user traffic statistics (at least two types of network service: normal 
service type and premium service type) (Freed, column 17, lines 40-63 and 
figures 7A and 7B). 

As to claim 24, Daenen as modified teaches said network device offers 
internal network services including at least one of bandwidth management, 
access control or network usage statistics (network entities have an internal 
bandwidth manager) (Freed, column 8, lines 5-18). 

As to claim 25, Daenen as modified teaches a plurality of said service 
policy directors reside on a network (network is composed of a plurality of 
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operational, administrative and maintenance servers) (Freed, column 7, lines 23- 
52). 

As to claim 30, Daenen as modified teaches said network device 
comprising said service policy director functioning in a passive mode, wherein 
the authentication messages in a provider network are copied to the network 
device (a first network device creates the certificates and these certificates are 
transferred to RADIUS server for authentication) (Freed, column 18, lines 10-42). 

Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to WILLIAM S. POWERS whose telephone 
number is (571 )272-8573. The examiner can normally be reached on m-f 7:30- 
5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Kambiz Zand can be reached on 571 272 381 1 . The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 


Application/Control Number: 1 0/71 3,677 Page 1 6 

Art Unit: 2134 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
9199 (IN USA OR CANADA) or 571-272-1000. 


/W. S. P./ William S. Powers 

Examiner, Art Unit 2134 Examiner 

Art Unit 2134 

7/29/2008 


/ELLEN IRAN/ 

Primary Examiner, Art Unit 2134 


